CVE-2024-9120 doesn't show CVSS scores even though mapped in VulnCheck and CISA ADP section of NVD #22564

Closed
zayhanlon opened this issue Oct 2, 2024 · 6 comments
Labels
bug Something isn't working as documented customer-honoria #g-endpoint-ops Endpoint ops product group :release Ready to write code. Scheduled in a release. See "Making changes" in handbook. ~released bug This bug was found in a stable release. ~vulnerability-management

Comments

@zayhanlon
Contributor

Fleet version: 4.57.1

Web browser and operating system: Chrome on macOS


💥 Actual behavior

TODO
https://vulncheck.com/browse/cve/CVE-2024-9120 - CVSS scores mapped here but not appearing here:
[Screenshot 2024-10-01 at 8 04 55 PM]

πŸ§‘β€πŸ’» Β Steps to reproduce

  1. TODO
  2. TODO

🕯️ More info (optional)

N/A

@zayhanlon zayhanlon added bug Something isn't working as documented :reproduce Involves documenting reproduction steps in the issue :incoming New issue in triage process. #g-endpoint-ops Endpoint ops product group customer-honoria and removed :reproduce Involves documenting reproduction steps in the issue labels Oct 2, 2024
@JoStableford
Contributor

Linked to Unthread ticket:

Missing CVSS Scores for Chrome Vulnerabilities #3094

@lukeheath lukeheath added the ~released bug This bug was found in a stable release. label Oct 4, 2024
@sharon-fdm sharon-fdm added the :release Ready to write code. Scheduled in a release. See "Making changes" in handbook. label Oct 7, 2024
@sharon-fdm
Collaborator

sharon-fdm commented Oct 9, 2024

Timebox 1 point to investigate.
This could be a current expected behaviour (we can do this as a new story)
We prefer to estimate after we have this info.

@mostlikelee
Contributor

After some investigation, this issue is not truly a bug as Fleet does not currently surface "Secondary" CVSS scores. A feature request has been opened to surface this information: #23131
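
The Primary/Secondary distinction behind this behavior, as an added example that is not part of the original thread and not Fleet's code: NVD CVE API 2.0 records tag each CVSS metric entry with a `type`, and a consumer that reads only `Primary` entries finds no score on a record whose only score comes from a secondary source. The record, its ID, source and score are constructed, and `pickScore` is a hypothetical helper.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// metric mirrors one entry of metrics.cvssMetricV31 in an NVD CVE API 2.0 record.
type metric struct {
	Source   string `json:"source"`
	Type     string `json:"type"` // "Primary" or "Secondary"
	CVSSData struct {
		BaseScore float64 `json:"baseScore"`
	} `json:"cvssData"`
}

type record struct {
	Metrics struct{ V31 []metric `json:"cvssMetricV31"` } `json:"metrics"`
}

// Constructed sample: placeholder ID, source and score, not the real CVE-2024-9120 data.
const sampleRecord = `{"id":"CVE-0000-0000","metrics":{"cvssMetricV31":[
 {"source":"adp@example.test","type":"Secondary","cvssData":{"version":"3.1",
  "baseScore":7.5,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}}]}}`

// pickScore (hypothetical helper) returns the first Primary metric; the first
// Secondary metric is used only when allowSecondary is true. ok reports a match.
func pickScore(raw string, allowSecondary bool) (best metric, ok bool, err error) {
	var r record
	if err = json.Unmarshal([]byte(raw), &r); err != nil {
		return best, false, err
	}
	for _, c := range r.Metrics.V31 {
		switch {
		case c.Type == "Primary":
			return c, true, nil
		case c.Type == "Secondary" && allowSecondary && !ok:
			best, ok = c, true
		}
	}
	return best, ok, nil
}

func main() {
	for _, allow := range []bool{false, true} {
		m, ok, err := pickScore(sampleRecord, allow)
		fmt.Println(allow, ok, m.CVSSData.BaseScore, m.Source, err)
	}
}
```
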

@fleet-release
Contributor

CVSS scores unseen,
Yet in VulnCheck they gleam.
Fleet's truth, yet unclean.

@sharon-fdm sharon-fdm removed the :incoming New issue in triage process. label Oct 23, 2024
@noahtalerman
Member

> this issue is not truly a bug as Fleet does not currently surface "Secondary" CVSS scores

@mostlikelee is there a spot in the guides we can add one sentence to explain this?

@mostlikelee
Contributor

@noahtalerman great idea! let me know what you think #23388

rachaelshaw pushed a commit that referenced this issue Oct 30, 2024
adding detail to docs vulnerability sources

reference:
#22564 (comment)